Orbi WiFi 7 RBE973
Reply

Network Topology & Security Question

MattyiceNG
Aspirant

Network Topology & Security Question

Ok I have a fairly complex topology question/issue.  I have my Orbi Pro 6 SXK80 all set up with the VLANS configured as follows:

 

Port 1 - LAN 1 - VLAN 1 Admin

Port 2 - LAN 2 - VLAN 2 Employees

Port 3 - LAN 3 - VLAN 3 IOT

Port 4 - LAN 4 - VLAN 4 Guest

 

All VLANS have client and VLAN isolation.

 

I don't connect anything into port 1 unless router.

 

For VLAN 2/Port 2 - I need to setup an Insight switch to have every PC connected to be client isolated.  How would I configure that or would it be easier to just use an unmanaged switch since client isolation is already set in router?  

 

VLAN 3/Port 3 - I need to set up a Nest router to get the smart

devices to work.  What issues/problems does putting a separate smart router on this port cause?

 

VLAN 4/Port 4 - I HATE the Orbi guest portal.  It's not secured and many devices won't connect.  Ideally I would setup a 2nd isolated Nest router to use for Guest wifi.  Will this work?

 

 

Thanks!

 

 

 

Message 1 of 13
ErwinL
NETGEAR Moderator

Re: Network Topology & Security Question

Hello@MattyiceNG 

And welcome to the NETGEAR Community! 🙂

 

For VLAN2/Port2
I guess what you can do is to access the switch GUI/settings and create VLAN 2 and have all the ports you wish to be under VLAN 2 be the member of VLAN 2 with PVID number 2 and connect it to your Orbri Pro 6 router. If that will not work try setting the port  where the Orbi is connected as Tag port.

 

VLAN 3/Port 3
You can connect and setup an access point to port 3. You do not really need a router to make smart devices to work.

 

VLAN 4/Port 4
You can simply connect and setup an access point for guest wifi access.

 

You may choose your desired specific devices for switch or access point so I can point you to the right article for the procedure if I can find one.

 

Have a lovely day,
Erwin
Netgear Team
 

Message 2 of 13
schumaku
Guru

Re: Network Topology & Security Question


@ErwinL wrote:

VLAN 4/Port 4
You can simply connect and setup an access point for guest wifi access. 


Dear @ErwinL 

 

Can the DHCP server and routing et all being fully deactivated to allow plugging a standalone router for serving the VLAN?

 

Just curious,

-Kurt. 

Message 3 of 13
MattyiceNG
Aspirant

Re: Network Topology & Security Question

Thank you for time and thoughtful answers.  Yes, I believe I can do that.  

Message 4 of 13
MattyiceNG
Aspirant

Re: Network Topology & Security Question

  1. Thanks for the reply and thoughtful answer!  I'm going to tweek this as best I can.  Many thanks!
Message 5 of 13
MattyiceNG
Aspirant

Re: Network Topology & Security Question

Erwin,

 

Thanks for the reply.  It's a catch-22; even though the built in wifi on the Orbi Pro 6 SXK80 than on any Google router, a good number of the smart devices require a Google Nest router to work.  Theoretically there shouldn't be any issues but even Google/Nest has posted some (most) of their smart products can only truly work well with a Google/Nest router.  

 

I want the Google network/VLAN isolated from everything else completely.  But since it's a router I'm plugging into Port 2, should that be a Trunk or Acess port on the Orbi setup?

Message 6 of 13
schumaku
Guru

Re: Network Topology & Security Question

@MattyiceNG wrote:

It's a catch-22; even though the built in wifi on the Orbi Pro 6 SXK80 than on any Google router, a good number of the smart devices require a Google Nest router to work.

Such as which Smart Devices are that far off the industry standards that these requiring a Nest Router please?

 

@MattyiceNG wrote:

Theoretically there shouldn't be any issues but even Google/Nest has posted some (most) of their smart products can only truly work well with a Google/Nest router.

Reads like bad marketing, if not worse. What does practically not work?

 

@MattyiceNG wrote:

I want the Google network/VLAN isolated from everything else completely.  But since it's a router I'm plugging into Port 2, should that be a Trunk or Acess port on the Orbi setup?

Completely isolated? STP and RSTP and similar protocols does always span the full network, regardless of the VLAN config on top. Last but not least, the Orbi Pro SXRnn is the router for all possible (five if I have it right) networks making up the default gateway, handling all NAT (many2one, port forwarding into [one] network, and DHCP for all these).  

 

 

 

 

 

Message 7 of 13
MattyiceNG
Aspirant

Re: Network Topology & Security Question

Yes.  Correct.  The Orbi Pro is the main router and the Google router is basically a sub router just to get the Nest products to connect.  Google/Nest devices never work well with other manufacturers routers.  They're a bit like Apple in a sense years ago.

Message 8 of 13
schumaku
Guru

Re: Network Topology & Security Question


@MattyiceNG wrote:

Google/Nest devices never work well with other manufacturers routers.  They're a bit like Apple in a sense years ago.


Which Nest devices? Any references for this claim?

 

Ok, I'm a little bit limited to what is deployed here: Nest Mini, Nest Audio, Nest Hub, Nest Hub Max, Chromecast HD, Chromecast 4K, Chromecast Audio, ... and a selection of Chromecast dongles back to the H202-42. And not Nest Router anywhere near. 

Message 9 of 13
ErwinL
NETGEAR Moderator

Re: Network Topology & Security Question

Hi@schumaku,

 

Do you mean when disabling the DHCP server function and the routing of the main router. It's possible to connect a new router to one of the network and supply VLAN to such network? 

 

Regards,

Erwin

Message 10 of 13
schumaku
Guru

Re: Network Topology & Security Question


@ErwinL wrote:

Do you mean when disabling the DHCP server function and the routing of the main router. It's possible to connect a new router to one of the network and supply VLAN to such network? 

Yes, this is what I understand the OP intends to do - what is easy in the sense of a single network covering multiple VLANs and flexible router deployments can proof to be challenging if not difficult when trying to combine multiple systems including another vendor. Last but not least, Google Nest does also have Mesh options what makes the project even more complex. Said this: I'm not to deep (or deep enough) in the Orbi Pro WiFi 6 systems -and- the Google Nest environment.

Message 11 of 13
ErwinL
NETGEAR Moderator

Re: Network Topology & Security Question

Hi@schumaku,

 

Yes this is possible. A device should use the default gateway IP address only when they intent to go out the main router or out the internet. 

 

Have a lovely day,

Erwin

Netgear Team

Message 12 of 13
ErwinL
NETGEAR Moderator

Re: Network Topology & Security Question

Hello@MattyiceNG

 

Was your problem resolved? If yes, in this case could you give us a feedback on the situation and accept the post as a solution to make it more visible to other users?

 

Thanks in advance! 🙂

 

Have a lovely day,
Erwin
Netgear Team

Message 13 of 13
Discussion stats
  • 12 replies
  • 1313 views
  • 0 kudos
  • 3 in conversation
Announcements